|
| 1 | +/* |
| 2 | + * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. |
| 3 | + * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. |
| 4 | + * |
| 5 | + * |
| 6 | + * |
| 7 | + * |
| 8 | + * |
| 9 | + * |
| 10 | + * |
| 11 | + * |
| 12 | + * |
| 13 | + * |
| 14 | + * |
| 15 | + * |
| 16 | + * |
| 17 | + * |
| 18 | + * |
| 19 | + * |
| 20 | + * |
| 21 | + * |
| 22 | + * |
| 23 | + * |
| 24 | + */ |
| 25 | + |
| 26 | +package com.sun.security.ntlm; |
| 27 | + |
| 28 | +import java.math.BigInteger; |
| 29 | +import java.util.Arrays; |
| 30 | +import java.util.Date; |
| 31 | +import java.util.Locale; |
| 32 | + |
| 33 | +/** |
| 34 | + * The NTLM client. Not multi-thread enabled.<p> |
| 35 | + * Example: |
| 36 | + * <pre> |
| 37 | + * Client client = new Client(null, "host", "dummy", |
| 38 | + * "REALM", "t0pSeCr3t".toCharArray()); |
| 39 | + * byte[] type1 = client.type1(); |
| 40 | + * // Send type1 to server and receive response as type2 |
| 41 | + * byte[] type3 = client.type3(type2, nonce); |
| 42 | + * // Send type3 to server |
| 43 | + * </pre> |
| 44 | + */ |
| 45 | +public final class Client extends NTLM { |
| 46 | + private final String hostname; |
| 47 | + private final String username; |
| 48 | + |
| 49 | + private String domain; |
| 50 | + private byte[] pw1, pw2; |
| 51 | + |
| 52 | + /** |
| 53 | + * Creates an NTLM Client instance. |
| 54 | + * @param version the NTLM version to use, which can be: |
| 55 | + * <ul> |
| 56 | + * <li>LM/NTLM: Original NTLM v1 |
| 57 | + * <li>LM: Original NTLM v1, LM only |
| 58 | + * <li>NTLM: Original NTLM v1, NTLM only |
| 59 | + * <li>NTLM2: NTLM v1 with Client Challenge |
| 60 | + * <li>LMv2/NTLMv2: NTLM v2 |
| 61 | + * <li>LMv2: NTLM v2, LM only |
| 62 | + * <li>NTLMv2: NTLM v2, NTLM only |
| 63 | + * </ul> |
| 64 | + * If null, "LMv2/NTLMv2" will be used. |
| 65 | + * @param hostname hostname of the client, can be null |
| 66 | + * @param username username to be authenticated, must not be null |
| 67 | + * @param domain domain of {@code username}, can be null |
| 68 | + * @param password password for {@code username}, must not be not null. |
| 69 | + * This method does not make any modification to this parameter, it neither |
| 70 | + * needs to access the content of this parameter after this method call, |
| 71 | + * so you are free to modify or nullify this parameter after this call. |
| 72 | + * @throws NTLMException if {@code username} or {@code password} is null, |
| 73 | + * or {@code version} is illegal. |
| 74 | + * |
| 75 | + */ |
| 76 | + public Client(String version, String hostname, String username, |
| 77 | + String domain, char[] password) throws NTLMException { |
| 78 | + super(version); |
| 79 | + if ((username == null || password == null)) { |
| 80 | + throw new NTLMException(NTLMException.PROTOCOL, |
| 81 | + "username/password cannot be null"); |
| 82 | + } |
| 83 | + this.hostname = hostname; |
| 84 | + this.username = username; |
| 85 | + this.domain = domain == null ? "" : domain; |
| 86 | + this.pw1 = getP1(password); |
| 87 | + this.pw2 = getP2(password); |
| 88 | + debug("NTLM Client: (h,u,t,version(v)) = (%s,%s,%s,%s(%s))\n", |
| 89 | + hostname, username, domain, version, v.toString()); |
| 90 | + } |
| 91 | + |
| 92 | + /** |
| 93 | + * Generates the Type 1 message |
| 94 | + * @return the message generated |
| 95 | + */ |
| 96 | + public byte[] type1() { |
| 97 | + Writer p = new Writer(1, 32); |
| 98 | + // Negotiate always sign, Negotiate NTLM, |
| 99 | + // Request Target, Negotiate OEM, Negotiate unicode |
| 100 | + int flags = 0x8207; |
| 101 | + if (v != Version.NTLM) { |
| 102 | + flags |= 0x80000; |
| 103 | + } |
| 104 | + p.writeInt(12, flags); |
| 105 | + debug("NTLM Client: Type 1 created\n"); |
| 106 | + debug(p.getBytes()); |
| 107 | + return p.getBytes(); |
| 108 | + } |
| 109 | + |
| 110 | + /** |
| 111 | + * Generates the Type 3 message |
| 112 | + * @param type2 the responding Type 2 message from server, must not be null |
| 113 | + * @param nonce random 8-byte array to be used in message generation, |
| 114 | + * must not be null except for original NTLM v1 |
| 115 | + * @return the message generated |
| 116 | + * @throws NTLMException if the incoming message is invalid, or |
| 117 | + * {@code nonce} is null for NTLM v1. |
| 118 | + */ |
| 119 | + public byte[] type3(byte[] type2, byte[] nonce) throws NTLMException { |
| 120 | + if (type2 == null || (v != Version.NTLM && nonce == null)) { |
| 121 | + throw new NTLMException(NTLMException.PROTOCOL, |
| 122 | + "type2 and nonce cannot be null"); |
| 123 | + } |
| 124 | + debug("NTLM Client: Type 2 received\n"); |
| 125 | + debug(type2); |
| 126 | + Reader r = new Reader(type2); |
| 127 | + byte[] challenge = r.readBytes(24, 8); |
| 128 | + int inputFlags = r.readInt(20); |
| 129 | + boolean unicode = (inputFlags & 1) == 1; |
| 130 | + |
| 131 | + // IE uses domainFromServer to generate an alist if server has not |
| 132 | + // provided one. Firefox/WebKit do not. Neither do we. |
| 133 | + //String domainFromServer = r.readSecurityBuffer(12, unicode); |
| 134 | + |
| 135 | + int flags = 0x88200 | (inputFlags & 3); |
| 136 | + Writer p = new Writer(3, 64); |
| 137 | + byte[] lm = null, ntlm = null; |
| 138 | + |
| 139 | + p.writeSecurityBuffer(28, domain, unicode); |
| 140 | + p.writeSecurityBuffer(36, username, unicode); |
| 141 | + p.writeSecurityBuffer(44, hostname, unicode); |
| 142 | + |
| 143 | + if (v == Version.NTLM) { |
| 144 | + byte[] lmhash = calcLMHash(pw1); |
| 145 | + byte[] nthash = calcNTHash(pw2); |
| 146 | + if (writeLM) lm = calcResponse (lmhash, challenge); |
| 147 | + if (writeNTLM) ntlm = calcResponse (nthash, challenge); |
| 148 | + } else if (v == Version.NTLM2) { |
| 149 | + byte[] nthash = calcNTHash(pw2); |
| 150 | + lm = ntlm2LM(nonce); |
| 151 | + ntlm = ntlm2NTLM(nthash, nonce, challenge); |
| 152 | + } else { |
| 153 | + byte[] nthash = calcNTHash(pw2); |
| 154 | + if (writeLM) lm = calcV2(nthash, |
| 155 | + username.toUpperCase(Locale.US)+domain, nonce, challenge); |
| 156 | + if (writeNTLM) { |
| 157 | + // Some client create a alist even if server does not send |
| 158 | + // one: (i16)2 (i16)len target_in_unicode (i16)0 (i16) 0 |
| 159 | + byte[] alist = ((inputFlags & 0x800000) != 0) ? |
| 160 | + r.readSecurityBuffer(40) : new byte[0]; |
| 161 | + byte[] blob = new byte[32+alist.length]; |
| 162 | + System.arraycopy(new byte[]{1,1,0,0,0,0,0,0}, 0, blob, 0, 8); |
| 163 | + // TS |
| 164 | + byte[] time = BigInteger.valueOf(new Date().getTime()) |
| 165 | + .add(new BigInteger("11644473600000")) |
| 166 | + .multiply(BigInteger.valueOf(10000)) |
| 167 | + .toByteArray(); |
| 168 | + for (int i=0; i<time.length; i++) { |
| 169 | + blob[8+time.length-i-1] = time[i]; |
| 170 | + } |
| 171 | + System.arraycopy(nonce, 0, blob, 16, 8); |
| 172 | + System.arraycopy(new byte[]{0,0,0,0}, 0, blob, 24, 4); |
| 173 | + System.arraycopy(alist, 0, blob, 28, alist.length); |
| 174 | + System.arraycopy(new byte[]{0,0,0,0}, 0, |
| 175 | + blob, 28+alist.length, 4); |
| 176 | + ntlm = calcV2(nthash, username.toUpperCase(Locale.US)+domain, |
| 177 | + blob, challenge); |
| 178 | + } |
| 179 | + } |
| 180 | + p.writeSecurityBuffer(12, lm); |
| 181 | + p.writeSecurityBuffer(20, ntlm); |
| 182 | + p.writeSecurityBuffer(52, new byte[0]); |
| 183 | + |
| 184 | + p.writeInt(60, flags); |
| 185 | + debug("NTLM Client: Type 3 created\n"); |
| 186 | + debug(p.getBytes()); |
| 187 | + return p.getBytes(); |
| 188 | + } |
| 189 | + |
| 190 | + /** |
| 191 | + * Returns the domain value provided by server after the authentication |
| 192 | + * is complete, or the domain value provided by the client before it. |
| 193 | + * @return the domain |
| 194 | + */ |
| 195 | + public String getDomain() { |
| 196 | + return domain; |
| 197 | + } |
| 198 | + |
| 199 | + /** |
| 200 | + * Disposes any password-derived information. |
| 201 | + */ |
| 202 | + public void dispose() { |
| 203 | + Arrays.fill(pw1, (byte)0); |
| 204 | + Arrays.fill(pw2, (byte)0); |
| 205 | + } |
| 206 | +} |
0 commit comments